diff --git a/capi/__init__.py b/capi/__init__.py
index bf90cd2..281d65a 100644
--- a/capi/__init__.py
+++ b/capi/__init__.py
@@ -5,6 +5,7 @@ from . import exceptions
import base64
import os
import time
+from typing import Union
import config
from EDMCLogging import get_main_logger
@@ -92,9 +93,13 @@ class CAPIAuthorizer:
return msg
- def get_token_by_state(self, state: str) -> dict:
+ def get_token_by_state(self, state: str) -> Union[dict, None]:
self.refresh_by_state(state)
row = self.model.get_token_for_user(state)
+
+ if row is None:
+ return None
+
row['expires_over'] = int(row['expires_on']) - int(time.time())
return row
@@ -113,7 +118,7 @@ class CAPIAuthorizer:
if row is None:
# No such state in DB
msg['status'] = 'error'
- msg['message'] = 'No such state in DB'
+ msg['description'] = 'No such state in DB'
raise exceptions.RefreshFail(msg['description'], msg['status'], state)
msg['state'] = state
@@ -163,5 +168,8 @@ class CAPIAuthorizer:
def list_all_users(self) -> list[dict]:
return self.model.list_all_records()
+ def cleanup_orphans(self) -> None:
+ self.model.cleanup_orphans_records()
+
capi_authorizer = CAPIAuthorizer(model.Model())
diff --git a/capi/exceptions.py b/capi/exceptions.py
index 565ad9a..032c73b 100644
--- a/capi/exceptions.py
+++ b/capi/exceptions.py
@@ -3,4 +3,4 @@ class RefreshFail(Exception):
self.message = message
self.status = status
self.state = state
- super().__init__(self.message + ' for ' + self.state)
+ super().__init__(str(self.message) + ' for ' + str(self.state))
diff --git a/capi/model.py b/capi/model.py
index fbf65bb..bd8d6d1 100644
--- a/capi/model.py
+++ b/capi/model.py
@@ -115,3 +115,7 @@ class Model:
def list_all_records(self) -> list:
return self.db.execute(sqlite_requests.select_nickname_state_all).fetchall()
+
+ def cleanup_orphans_records(self) -> None:
+ with self.db:
+ self.db.execute(sqlite_requests.del_orphans)
diff --git a/capi/sqlite_requests.py b/capi/sqlite_requests.py
index ac40e8f..98d2f51 100644
--- a/capi/sqlite_requests.py
+++ b/capi/sqlite_requests.py
@@ -46,3 +46,5 @@ get_token_for_user = """select
from authorizations where state = :state;"""
select_nickname_state_all = """select nickname, state from authorizations where nickname is not null;"""
+
+del_orphans = """delete from authorizations where nickname is null;"""
diff --git a/config.py b/config.py
index b932e15..ba142b9 100644
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
+import os
+
import requests
from os import getenv
@@ -6,6 +8,8 @@ assert CLIENT_ID, "No client_id in env"
log_level = 'DEBUG'
+access_key = os.getenv('access_key')
+
REDIRECT_URL = requests.utils.quote("http://127.0.0.1:9000/fdev-redirect")
AUTH_URL = 'https://auth.frontierstore.net/auth'
TOKEN_URL = 'https://auth.frontierstore.net/token'
diff --git a/web.py b/web.py
index 0b816cc..7ae76eb 100644
--- a/web.py
+++ b/web.py
@@ -4,6 +4,16 @@ import json
from capi import capi_authorizer
import config
+from EDMCLogging import get_main_logger
+
+logger = get_main_logger()
+logger.propagate = False
+
+
+def check_secret(req: falcon.request.Request, resp: falcon.response.Response, resource, params) -> None:
+ cookies_secret = req.get_cookie_values('key')
+ if cookies_secret[0] != config.access_key:
+ raise falcon.HTTPForbidden
class AuthInit:
@@ -16,14 +26,70 @@ class FDEVCallback:
def on_get(self, req: falcon.request.Request, resp: falcon.response.Response) -> None:
code = req.get_param('code')
state = req.get_param('state')
- msg = capi_authorizer.fdev_callback(code, state)
+ try:
+ msg = capi_authorizer.fdev_callback(code, state)
+ resp.content_type = falcon.MEDIA_JSON
+ resp.text = json.dumps(msg)
+
+ except KeyError as e:
+ logger.warning(f'Exception on FDEVCallback, code: {code!r}, state: {state!r}', exc_info=e)
+ raise falcon.HTTPNotFound(description=str(e))
+
+ except Exception as e:
+ logger.warning(f'Exception on FDEVCallback, code: {code!r}, state: {state!r}', exc_info=e)
+ raise falcon.HTTPBadRequest(description=str(e))
+
+
+class TokenByState:
+ def on_get(self, req: falcon.request.Request, resp: falcon.response.Response, state: str) -> None:
resp.content_type = falcon.MEDIA_JSON
- resp.text = json.dumps(msg)
+ tokens = capi_authorizer.get_token_by_state(state)
+ if tokens is None:
+ raise falcon.HTTPNotFound(description='No such state found')
+
+ resp.text = json.dumps(tokens)
+
+ def on_delete(self, req: falcon.request.Request, resp: falcon.response.Response, state: str):
+ tokens = capi_authorizer.get_token_by_state(state)
+ if tokens is None:
+ raise falcon.HTTPNotFound(description='No such state found')
+
+ capi_authorizer.delete_by_state(state)
+
+
+class TokenByNickname:
+ @falcon.before(check_secret)
+ def on_get(self, req: falcon.request.Request, resp: falcon.response.Response, nickname: str):
+ resp.content_type = falcon.MEDIA_JSON
+ state = capi_authorizer.model.get_state_by_nickname(nickname)
+ if state is None:
+ raise falcon.HTTPNotFound(description='No such nickname found')
+
+ tokens = capi_authorizer.get_token_by_state(state)
+
+ resp.text = json.dumps(tokens)
+
+ @falcon.before(check_secret)
+ def on_delete(self, req: falcon.request.Request, resp: falcon.response.Response, nickname: str):
+ state = capi_authorizer.model.get_state_by_nickname(nickname)
+ if state is None:
+ raise falcon.HTTPNotFound(description='No such nickname found')
+
+ capi_authorizer.delete_by_state(state)
+
+
+class CleanOrphanRecords:
+ def on_post(self, req: falcon.request.Request, resp: falcon.response.Response):
+ capi_authorizer.cleanup_orphans()
application = falcon.App()
application.add_route('/authorize', AuthInit())
application.add_route('/fdev-redirect', FDEVCallback())
+application.add_route('/users/{state}', TokenByState()) # for legacy reasons
+application.add_route('/users/by-state/{state}', TokenByState())
+application.add_route('/users/by-nickname/{nickname}', TokenByNickname())
+application.add_route('/tools/clean-orphan-records', CleanOrphanRecords())
if __name__ == '__main__':
- waitress.serve(application, host='127.0.0.1', port=9000)
\ No newline at end of file
+ waitress.serve(application, host='127.0.0.1', port=9000)